Telco industry 'not fully informed' on national security risks: govt
The government has so far blocked attempts to learn why Chinese network vendor Huawei was banned from tendering for contracts for the construction of the National Broadband Network (NBN), but the attorney-general's latest discussion paper might provide a clue to its thinking.
In kicking off the parliamentary inquiry into telecommunications interception laws, announced on Monday, the Attorney-General's Department also provided a 61-page discussion paper analysing how current legislation lags behind advances in technology and changes in the structure of the telecommunications industry.
The government would like to develop a new framework that has the government included in discussions about the hardware and software upgrades of networks early on, so that the government can advise telcos of potential security risks, which might include the vendor that telcos may be thinking of signing up with.
This would allow for "normal business operations to proceed where there are no security concerns, and facilitating expedient resolution of security concerns".
The paper states that the mass production of network equipment has resulted in lots of suppliers entering the market. This means that it is a lot cheaper for vendors, but they might not have all the information necessary on every vendor to make decisions that are sensible in terms of security.
"Government is concerned that the telecommunications industry is not fully informed about national security risks, and is therefore not equipped to respond adequately to these risks," the department stated. "As both businesses and consumers are also exposed to the consequences of potential security risks, there is a compelling case to act now. Australia is at a critical stage of telecommunications infrastructure development driven by the NBN's construction."
Failure to act as carriers get ready for the NBN would make it much harder to ensure secure networks farther down the track, and could potentially impact on national security, according to the document.
Current meetings between the government and industry on security issues only occur on an informal basis, usually only when a government agency becomes aware of a specific security risk, but the paper argues that this process should be more formal. The government states that it has a "responsibility to intervene in the market to educate and assist [carriers] to maintain a minimum level of security".
The government is considering whether providers should be required to provide the government with information about network infrastructure, and whether the government should be given powers to force telcos to comply with "security outcomes".
In meetings held with industry earlier this year, the industry stated that it wants to avoid having to get government approval for network architecture, instead preferring a requirement to meet a set "security outcome".
The government could then direct telcos to modify infrastructure, or open it up to auditing and ongoing monitoring at the cost of the company, and failure to comply would result in financial penalties.
The government intervention in tendering processes for telco companies does go some way to explain the government's intervention in banning Huawei from tendering for the NBN. It plans on providing similar advice to all telcos; NBN Co was just the first, and, being a government-owned telco, had no choice but to comply with advice from the Attorney-General's Department that Huawei's technology may represent a risk to national security.
Should the government proceed with legislative changes after the committee has completed its review, it could result in a major shift to how the telecommunications industry goes to tender, or even maintains its own network equipment.
Telstra doesn't currently use Huawei gear in its mobile network, but Vodafone is deploying Huawei SingleRAN radio network equipment in 8000 base stations for its $1 billion network overhaul, and Optus has trial 4G services in place with Huawei and some network gear in regional Australia. If Huawei is already banned in nationally owned fixed-line infrastructure, the same "security outcome" that led to this may mean that Huawei is turned down in the commercial mobile and fixed network space.
Despite knowing the context of the government's decision, the specific concerns that the government has about Huawei will likely still remain secret. The discussion paper states that companies that would be provided with information about national security will be required to sign off on non-disclosure agreements. And as Freedom of Information (FOI) requests continue to be blocked under the auspice of "national security", the Australian public is no closer to knowing anything about the actual perceived threat that one of the biggest network vendors in the world poses to our national telecommunications infrastructure.